auth.go

/*
This file is part of SystemTestPortal.
Copyright (C) 2017  Institute of Software Technology, University of Stuttgart

SystemTestPortal is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

SystemTestPortal is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with SystemTestPortal.  If not, see <http://www.gnu.org/licenses/>.
*/

package middleware

import (
	"log"
	"net/http"

	"github.com/urfave/negroni"
	"gitlab.com/stp-team/systemtestportal-webapp/domain/user"
	"gitlab.com/stp-team/systemtestportal-webapp/web/errors"
)

const (
	// UserKey is the request-context key under which the Auth middleware
	// stores the currently signed in user (nil if no user is signed in).
	//
	// NOTE(review): this is a plain string key, so any other code that
	// writes to the same context store under "user" would overwrite or
	// spoof the authenticated identity. Go convention is an unexported
	// key type; changing that needs AddToContext and every reader updated
	// together — confirm no other writer uses this key.
	UserKey = "user"

	// badCookieTitle is the heading of the error shown when the session
	// cookie cannot be resolved to a user.
	badCookieTitle = "Invalid cookie!"

	// badCookie is the body of that error. It contains an HTML anchor, so
	// it is presumably rendered without escaping — TODO confirm. That is
	// only safe while the text stays a compile-time constant: never
	// concatenate cookie values or other request-derived data into it.
	badCookie = "It seems the cookie you send in your request has spoiled. " +
		"This only happens in really rare cases. " +
		"If this error persists please " +
		"<a href='https://www.howtogeek.com/111925/delete-cookies-in-the-five-most-popular-web-browsers-in-windows/'>" +
		"remove your cookies</a> for this site."
)

// SessionHandler resolves the user, if any, on whose behalf a request
// is made. It is the only source of identity the Auth middleware consults.
type SessionHandler interface {
	// GetCurrent returns the user holding the session attached to req.
	//
	// A request without a user session yields a nil user; Auth forwards
	// that nil user as "nobody signed in". Auth answers any non-nil error
	// with an "Invalid cookie!" 400 response and stops the handler chain,
	// so implementations should return an error only when session data
	// is present but cannot be trusted or decoded.
	GetCurrent(req *http.Request) (*user.User, error)
}

// Auth builds a middleware that asks the given session handler which
// user is signed in and publishes that user in the request context
// under UserKey before calling the next handler.
//
// Auth identifies, it does not authorize: whatever GetCurrent returns
// alongside a nil error, including a nil user, is stored and the request
// continues. Handlers that require a signed in user or a specific
// permission must check that themselves.
//
// A nil session handler is a programming error and panics at
// construction time.
func Auth(session SessionHandler) negroni.HandlerFunc {
	if session == nil {
		log.Panic("Given session handler must not be nil!")
	}

	identify := func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
		current, err := session.GetCurrent(r)
		if err == nil {
			// NOTE(review): if AddToContext stores its value as an
			// interface, a nil *user.User becomes a non-nil interface
			// value; readers should type-assert to *user.User before
			// comparing against nil — confirm.
			AddToContext(r, UserKey, current)
			next(w, r)
			return
		}

		// The session could not be resolved: answer 400 with the static
		// bad-cookie message and do not call next.
		//
		// NOTE(review): WithRequestDump(r) presumably records the whole
		// request, which on this path carries the Cookie header that just
		// failed validation. Confirm the dump and the cause are written
		// only to access-restricted server logs and are never echoed
		// into the response body.
		errors.ConstructStd(http.StatusBadRequest, badCookieTitle, badCookie, r).
			WithLog("Auth: Couldn't get user information out of request.").
			WithStackTrace(1).
			WithCause(err).
			WithRequestDump(r).
			Respond(w)
	}
	return identify
}